3 Good Examples of GDPR Breach Notification Emails | DMA

Filter By

Show All

Connect to


Three Good Examples of GDPR Breach Notification Emails

The GDPR may have made you focus on your mailing lists, but the GDPR has brought a whole range of new rules. One of them is breach notification. If you or your technology providers suffer a data breach you may need to reach out to all your customers, subscribers and everyone else still in your system. You can find the full notification requirements here: ICO: Personal data breaches

The difficult thing with breach notifications is getting that wording right so here are three recent examples that I think are worth sharing and why I think they’re effective.

Example 1: British Airways (BA)

Subject line: Theft of Customer Data

The subject line is clear, the copy is minimal and overall it gets right to the point. Whilst reassuring the customer that the matter is resolved, it also gives customers advice on how to reduce risk.

I think it’s great that they include a link for further information where customers can get the latest details. The email would be more useful if the link directed to the dedicated page opposed to BA’s homepage where customers need to scroll down to find the link.

Example 2: American Express

Subject line: We are protecting your Account

Leading on from British Airway’s example, as a partner company American Express did a fantastic job in giving customers the additional reassurance that they are protected by their credit card provider too.

The banner does a great job to help reinforce the brand’s message strengthened with a prominent link to their privacy policy.

Example 3: Superdrug

Subject line: Security Notice

Information of the breach is provided with detail but Superdrug bolded important points making the email skimmable.

As with BA’s example, addressing the email from the CEO helps to highlight that the data breach is addressed with importance.

Superdrugs could consider a subject line or header that is more specific to the breach and not repeated (“Security Notice”) to easily give customers more information at a glance.